Da Rock wrote:
> On Thu, 2009-04-02 at 09:59 +0200, Buchan Milne wrote:
>> On Wednesday 01 April 2009 10:44:56 Da Rock wrote:
>>> On Wed, 2009-04-01 at 01:48 +0200, Michael Ströder wrote:
>>>> Da Rock wrote:
>>>>> so I'm trying to
>>>>> work out how to setup the system to do a simple bind
>>>> ldapsearch -x -D <bind-DN>
>>> I know that, thanks, but this is affecting other apps from obtaining
>>> data from the system. I can also just go ldapsearch -x for anonymous. It
>>> appears I'm all in or bust! Unless I can set it up so apps can do simple
>>> bind...
>> If you can do a simple bind (anonymous, or authenticated), there (in most
>> cases) is nothing preventing other applications from doing simple binds.
>> Having SASL support compiled in to the server does not prevent other
>> applications for doing simple binds.
>>
>> Maybe you should provide more information about the applications in question,
>> and how they are configured.
>>
>> (Note: In the past Apple's LDAP client software for Mac OS seems to use
>> whichever SASL mechanisms are advertised by the LDAP server, but this again
>> isn't about SASL support being compiled in or not).
>
> Thats what I would have figured, yet I get no joy, nothing I can see out
> of the ordinary in the logs, and all the apps are auth types (courier,
> pam, postfix)- plus records for bind.
>
> Bind doesn't bind to the ldap, and I'm trying to setup the others to do
> the same. Obviously, courier has to bind to confirm auth- but only as
> the user (not bind as courier, then again as the user).
>
> Bind works: tested that myself. The others fail miserably.
>
> I'm not entirely sure what else I need to add exactly, the platform is
> freebsd with openldap built with sasl from ports.
>
> Before anyone suggests it, I already have a mail server running
> (postfix, courier); I want ldap as lookup source to ease administration.
> The pam is completely new to me, I'm following a lot of howtos on the
> web to compile a picture of how it all works.
>
> Now as to pam, I thought it must be my ineptitude in configuration, so I
> put it on hold and moved to something easier. Unfortunately I hit a
> similar snag there with the imap auth, hence I looked at the ldapsearch
> angle. Seems I could be wrong there based on comments received....
Sorry, nothing in your postings gives enough information to help you.
Posting *relevant* excerpts of configuration and log files and some more
information about the client applications is quite helpful.
Ciao, Michael.